Partner Maria Theodoulou discusses computer evidence in Thomson Reuters Regulatory Intelligence

With the recent dramatisation of the Post Office scandal throwing reliance on computer evidence into the spotlight, Partner Maria Theodoulou explores the legal presumptions surrounding digital evidence.

Maria’s article was published in Thomson Reuters Regulatory Intelligence, 9 February 2023, and can be found here.

In 1999 the Law Commission recommended the repeal of s.69 of PACE 1984. That recommendation came into effect in 2000, resulting in a common law presumption that computer evidence would be considered reliable unless there was evidence to the contrary.

The repeal of s.69 resulted in a seismic shift of the evidential burden, from a position where computer evidence should be subject to proof that it was operating properly, to circumstances where the accused were tasked with rebutting a presumption that it did.

The recent on-screen dramatisation of the Horizon Post Office scandal has thrown reliance on computer evidence into the spotlight, something long overdue for the 700-plus postal workers who were victims of “an affront to the justice of the court”.

The presumption that the Horizon system was accurate resulted in a mistaken belief that the fault lay with the postal workers accused of wrongdoing. This blind presumption of software’s infallibility is at odds with the reality that there exists no computer expert who will claim to have created a perfect computer software programme. Even those systems that face the highest scrutiny, such as aviation programmes, are at risk of computer bugs.

It would be wrong, however, to conclude that this huge miscarriage of justice rests solely on the common law presumption and a mistaken belief that computer programmes are infallible. After all, prosecutions aren’t brought by digital devices. They don’t decide which cases to try, which pass the threshold, and what material falls to be disclosed.

Can we blame the change in the law? Or is that a deflection from the scrutiny that should have been applied by those responsible for bringing prosecutions and for trying them?

Those reporting difficulties with the Horizon system were told time and time again “It was you, and only you.” But the Post Office was aware of the problems with the Horizon software, and the Fujitsu software developer who raised the issue of bugs within the system has now said that the company did not want to fix the problem because it would have been too expensive and time-consuming. How could this apparent awareness not have been disclosed to those facing criminal charges and the people representing them?

Most watching the recent drama series would be shocked by the lack of disclosure during the investigation and prosecution of the postal workers. The wilful refusal to question the data and the continued suggestion that it was happening to “only you” might arguably be seen by some as a pathological determination to toe the party line.

This lack of transparency highlights the importance of the integrity of those relying on the digital evidence to bring criminal prosecutions. Such an obstructive approach to disclosure won’t come as a surprise to many defence practitioners, whose time is increasingly taken up with requests to examine material in criminal proceedings.

The volume of computer-based material on which many prosecutions are now based is vast, and the scale of digital evidence is incomparable in 2024 to 1984 or 1999. The capability of systems has also improved greatly during this period, but no system is perfect, and that capability also extends to methods available to defence experts to test the reliability of data if they are given the proper opportunity to do so.

A computer expert will also confirm that if there are software errors, it can be very difficult sometimes prove almost impossible to find them. Any such remote possibility becomes impossible when you are deprived of the material that enables you to carry out forensic enquiries to test the accuracy of data upon which your client is being prosecuted and further there is no chain of provenance of the data itself. A defendant needs to have the means to challenge that evidence and the disclosure available to do so. All too often, neither of those things are a given. This is further complicated by English judges, who appear to be refusing any adjournments, which would allow defence experts to complete their work.

The presumption is therefore often insurmountable, especially when David is pitted against Goliath. Couple that with David being deliberately misled about the rules of battle and/or being deprived of the relevant arms required to defend himself, and the outcome becomes an inevitable one.

Postmaster Seema Misra’s defence was made impossible because requests by her lawyers for disclosure relating to the Horizon computer system was refused.

Stephen Castrell, a computer software and engineering expert, was quoted in an article for Computer Weekly as saying:

“I was approached to be an expert witness on behalf of a defendant accused in a Horizon system case right at the start of the affair in 1999. If the solicitor seeking my assistance with one of those first Post Office prosecutions could have obtained legal aid to engage me professionally on behalf of the subpostmistress client, and if that legal aid would have been of sufficient level to allow me to carry out my standard penetrating technical forensic investigation demands for, and analysis of, the Post Office’s computer evidence, then I believe it is highly likely that I would have identified, revealed, explained and/or demonstrated the system’s fault(s) that were undiscovered and/or ignored when proceedings were subsequently pursued by the Post Office with legal actions over the next two decades, against hundreds of other subpostmasters and subpostmistresses.”

A similar pursuit for disclosure and the ability to properly instruct defence experts to examine computer-based evidence has dominated recent proceedings concerning the admissibility of EncroChat material in criminal prosecutions over the past 3 years. The infiltration of the EncroChat network in 2020 has led to more than 3,100 arrests, 1,240 convictions and a combined 7,938 years in prison sentences in the UK alone.

Yet in the prosecution of EncroChat proceedings, it has been accepted by the NCA that the French have refused to disclose the means of recovery of the data and the programmes used to process it, as well as how those processes were designed or operated, citing reasons of National Security.

It has also been accepted by the NCA that not only were the ACPO guidelines not followed in Operation Venetic prior to the data’s arrival at the NCA but that officers processing the data on receipt had not at that time being trained on the requirements of those guidelines. and hence did not follow them. The processing or transferring of data always runs the risk of damage or corruption; the only way to determine whether that has happened is to compare it to the source material, something that is not possible in these cases. Since the processing of data in Operation Venetic, those guidelines have now become statute under the Forensic Science Regulator Act 2021.

There remain serious questions over how the data was obtained and whether it can be properly relied upon in UK proceedings. Efforts to instruct defence experts to reverse engineer EncroChat devices in the hope of resolving the crucial question of how the data was obtained have been thwarted at every turn by the NCA.

The issue of whether the data was in fact obtained during transmission, thus making it inadmissible in proceedings before our courts, is still very much a live one. If it were to be found that the Venetic data should not have been relied upon in evidence, there would be appeals on a larger scale than Horizon.

The volume of appeals is not the only similarity. Proceedings have also challenged the integrity of those involved in bringing prosecutions, with the NCA’s ‘duty of candour’ being called into question during legal arguments made by the defence. In its ruling relating to the warrants used to obtain the EncroChat data, the Investigatory Powers Tribunal said that the “the history of disclosure in relation to this matter is not a happy one”. In ongoing proceedings defence lawyers have raised repeated concerns as to the conduct of NCA officers and the approach to disclosure, calling into question some aspects of professional judgment that have a bearing on credibility or reliability.

The often-obstructive approach to disclosure is perhaps unsurprising, given that the organisation was at the time headed up by Nikki Holland, the former director of investigations who has now been dismissed following findings of gross misconduct. The NCA does not believe the disclosures made in respect of Ms Holland undermine any ongoing prosecutions, but one might be forgiven for taking a rather sceptical view of that belief given the history of disclosure in these cases.

EncroChat proceedings are characterised by an unhappy, if not obtrusive obstructive, history of disclosure. That history falls to be considered alongside an unknown, untested computer technique that retrieved data processed by a software system we know little to nothing about. When reliance is placed on data produced in this manner, the reliability of which cannot be conclusively tested but upon which thousands of convictions are based, one might be forgiven for drawing compelling analogies.

Reliance on computer-based evidence should not only call into question the forensic integrity of the systems themselves, but also of those who wish to bring criminal proceedings based on the data that they produce. An integrity that cannot be measured by whether those responsible for investigating and bringing such prosecutions, whether from the Post Office or the NCA,  eventually make their way onto an Honours List.